Closed pkerspe closed 7 years ago
seems I got it wrong, I found in Cors.php that the headers should be set correctly there. Unfortunately when I check the actual returned headers all I get is the Allow header in the OPTIONS response. I added $app->after($app["cors"]); to my SILEX setup and debugged into the app to see if the __invoke(Request $request, Response $response) function is called, and it actually is, yet the headers are not sent to the client. Not sure what goes wrong here
never mind, for some reason all works fine now, removed my changes and it still works for whatever reason :-)
Glad you got it working. Sometimes the browser caches these headers and you don't see your changes right away. My best guess is that you had something configured wrong and it got cached. You fixed the problem, but were still getting the cached version.
Allow
is an HTTP header intended to be used with the OPTIONS
method. CORS doesn't defines these, it just makes use of them. That's why you didn't find Allow
in the CORS specification. For reference, OPTIONS
is defined here https://tools.ietf.org/html/rfc7231#section-4.3.7 and Allow
is defined here https://tools.ietf.org/html/rfc7231#section-7.4.1.
I experienced some issues in swagger when only sticking ot the "Allow" header, swagger (in firefox) misses the header named "Access-Control-Allow-Methods" with the allowed request types. Thus I used the same values as for the "Allow" header and added to "Access-Control-Allow-Methods". According to RFC it seems there actually is no header called "Allow" but only "Access-Control-Allow-Methods" (https://www.w3.org/TR/cors/#access-control-allow-methods-response-header)